Impact of enabling vDefend Gateway Firewall logging
Article ID: 386342


Products

VMware vDefend Firewall

Issue/Introduction

- This article explains the performance impact of Gateway Firewall logging in VMware NSX, how to measure the current logging rate on an NSX Edge, and when disabling logging is appropriate to reduce unnecessary resource usage.

- vDefend Gateway Firewall was formerly known as NSX Gateway Firewall or NSX Edge Firewall.

Cause

Gateway Firewall logging in VMware NSX is a valuable feature for troubleshooting and monitoring traffic. However, in certain scenarios, such as high-throughput environments or when debugging is not required, logging can consume significant resources: every logged packet or session costs Edge CPU time to format and write, plus disk and storage for retention. Disabling logging removes that overhead and can improve system performance. Because firewall logs are also a detection and forensic source, weigh the trade-off per rule: logging is configured on each rule, so the usual approach is to keep it on deny/drop rules and rules of security interest and turn it off on the high-volume permit rules that generate most of the lines.

Resolution

How to determine the Gateway Firewall logging rate (log lines per second)

  1. Log in to the NSX Edge as root.
  2. Run the following. It takes the timestamp at the start of every line in /var/log/firewallpkt.log, truncates it to whole seconds (the text before the first '.', which assumes the timestamps carry fractional seconds, as in the example below), counts the lines per second and prints the ten busiest seconds:
    awk -F '.' '{print $1}' /var/log/firewallpkt.log | sort | uniq -c | sort -nr | head -n 10
    Example:
    > The following run prints the top 5 timestamps with the highest logging rate (head -n 5 instead of head -n 10).
    > The first column is the number of log lines written in that second; the second column is the second itself.
    root@Edge-2:/var/log# awk -F '.' '{print $1}' /var/log/firewallpkt.log | sort | uniq -c | sort -nr | head -n 5
        8999 2024-12-06T22:13:12
        8160 2024-12-06T22:13:03
        8034 2024-12-06T22:12:29
        8001 2024-12-06T22:12:20
        7982 2024-12-06T22:11:53
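The same per-second analysis, written as a small POSIX shell script so it can be run against a copy of the log off the Edge or wired into a check. This is an added example, not part of the KB article or of any VMware tooling: the log lines are constructed placeholders that share only the leading ISO-8601 timestamp with real firewallpkt.log entries, and the function names (per_second_counts, top_seconds, peak_log_rate, seconds_over_threshold) and the threshold are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the KB): count Gateway Firewall log lines per second
# from a firewallpkt.log-style file and flag seconds above a threshold.
# Only the leading timestamp (YYYY-MM-DDTHH:MM:SS.fraction) is relied on; the
# rest of each line is a constructed placeholder, not real NSX log content.

SAMPLE_LOG="${SAMPLE_LOG:-$(mktemp)}"
cat > "$SAMPLE_LOG" <<'EOF'
2024-12-06T22:13:12.001Z Edge-2 FIREWALL constructed-sample-entry-1
2024-12-06T22:13:12.250Z Edge-2 FIREWALL constructed-sample-entry-2
2024-12-06T22:13:12.499Z Edge-2 FIREWALL constructed-sample-entry-3
2024-12-06T22:13:12.900Z Edge-2 FIREWALL constructed-sample-entry-4
2024-12-06T22:13:13.010Z Edge-2 FIREWALL constructed-sample-entry-5
2024-12-06T22:13:13.620Z Edge-2 FIREWALL constructed-sample-entry-6
2024-12-06T22:13:13.980Z Edge-2 FIREWALL constructed-sample-entry-7
2024-12-06T22:13:20.100Z Edge-2 FIREWALL constructed-sample-entry-8
EOF

# Lines per second, busiest first, as "COUNT YYYY-MM-DDTHH:MM:SS".
# substr($1,1,19) keeps the whole-second part of the ISO timestamp and, unlike
# splitting on '.', also works if a line has no fractional seconds.
# Usage: per_second_counts FILE
per_second_counts() {
    awk '{print substr($1, 1, 19)}' "$1" | sort | uniq -c | sort -nr | awk '{print $1, $2}'
}

# The N busiest seconds (default 10), i.e. the KB's pipeline as a function.
# Usage: top_seconds FILE [N]
top_seconds() {
    per_second_counts "$1" | head -n "${2:-10}"
}

# Highest number of log lines written in any single second.
# Usage: peak_log_rate FILE
peak_log_rate() {
    per_second_counts "$1" | head -n 1 | awk '{print $1}'
}

# Number of distinct seconds whose line count exceeds THRESHOLD (assumed
# value chosen by the operator). A non-zero result on a production Edge is
# the signal that logging is costing measurable CPU and disk.
# Usage: seconds_over_threshold FILE THRESHOLD
seconds_over_threshold() {
    per_second_counts "$1" | awk -v t="$2" '$1 + 0 > t + 0 {n++} END {print n + 0}'
}

# Stand-alone run against the constructed sample.
top_seconds "$SAMPLE_LOG" 5
echo "peak lines/sec: $(peak_log_rate "$SAMPLE_LOG")"
echo "seconds above 2 lines/sec: $(seconds_over_threshold "$SAMPLE_LOG" 2)"
```

On a real Edge, point SAMPLE_LOG at /var/log/firewallpkt.log (or a copied-off rotation) and pick a threshold from the Edge's normal baseline; the seconds it reports are the ones to correlate with rule hit counts when deciding which rules to stop logging.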

When to Disable Gateway Firewall Logging:

1. High Traffic Environments:

Logging every packet or session can lead to excessive log generation, impacting performance.

2. Stable Production Systems:

If the network configuration and policies are stable, logging may not be necessary.

3. Resource Constraints:

To reduce disk usage, CPU overhead, and storage requirements for log retention.

4. Reduce Latency:

Disabling logging can help minimize latency introduced by processing and recording logs.